Block Exchange ECP externally

cairnsbrycecairnsbryce Member
in aFleX
I am trying to block Exchange ECP(2013)from external access.
I am having issues with the aFlex rule below:

when HTTP_REQUEST {
if { HTTP::uri] starts_with "/ecp" } {
drop
}
}

In the GUI I get a Warning: aFlex syntax error:line 3;"syntax error in expression"Http::url]starts_with "/ecp" ":variable ref..""

What have done wrong and what would be the right syntax

thanks
Bryce
Tagged:

Comments

  • cairnsbrycecairnsbryce Member
    edited June 2014
    Figured it out
    amazing what a missed [ will do

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with “/ecp” } {
    drop
    }
    }
  • gspiersgspiers Member
    edited October 2015
    I'm hoping someone can give me a hand with this. I literally copy and pasted this into a new aFlex script, and I get "System has encountered some problem. Please try again later!" when I click Create. I'm on a TH3030S running 4.0.1-SP9 build 31 if that helps.

    Thanks,
    Gairy
  • dshindshin Member
    edited October 2015
    Was this attempt done in the GUI or CLI? I would like to recreate the problem and provide recommendation. Have you done it multiple times?

    Genard
  • gspiersgspiers Member
    edited October 2015
    Hi Genard, this was attempted using the GUI. I started by trying to block ecs, ews, and autodiscover to external IPs using the guidance here, under the "Security" section.

    https://dev-a10wp.pantheonsite.io/aflex-examples/

    None of the examples worked, and they all returned that message. I found the shorter link and that one failed also as mentioned above. I though it may be an issue with the parser, so I tried one that was already in our A10, a simple HTTP-to-HTTPS redirect, and that one took. Not sure why these are failing.

    Thanks for looking into it.
  • dshindshin Member
    edited October 2015
    So I found the problem. The "(quotes) on the /ecp wherever you copied and pasted the aFleX translate to a different character. I suggest that you retyping the "(open quote/close quote) characters for the script to work. Tested it and it works.

    when HTTP_REQUEST {
    if { [HTTP::uri] starts_with “/ecp” } {
    drop
    }
    }
  • gspiersgspiers Member
    edited October 2015
    That did the trick Genard, thank you for finding that. I was able to get the blocking working, and a visual confirmation with a HTTP::redirect. Thanks again for your help.


    when HTTP_REQUEST {
    set URI [HTTP::uri]
    if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/ecp")} {
    HTTP::redirect "http://example.net/not_authorized.html"
    }
    }

    when HTTP_REQUEST {
    set URI [HTTP::uri]
    if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/ews")} {
    HTTP::redirect "http://example.net/not_authorized.html"
    }
    }

    when HTTP_REQUEST {
    set URI [HTTP::uri]
    if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/rpc")} {
    HTTP::redirect "http://example.net/not_authorized.html"
    }
    }
Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal